- New upstream version 4.2.24
+ Bug 4505: SMP caches sometimes do not purge entries
+ TPROXY: Fix clientside_mark and client port logging
+ Native FTP: Fix "Cannot assign requested address" with TPROXY
+ SSL-Bump: Fix authentication with types other than Basic
+ ... and some documentation fixes
- install license correctly (bsc#1082318) and transition to SPDXv3
OBS-URL: https://build.opensuse.org/request/show/591872
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=152
- Spec file cleanup:
+ Drop unused fillup template - it's not used by systemd script
+ Drop %pretrans section which is only used to upgrade from
version 3.4 of squid - no supported codestream has that version.
+ Drop explicit BR: on systemd-rpm-macros
- Update squid.service systemd file
+ Don't need to use squid to manage squid anymore
+ Drop references to default config file, since it's default
- Drop reference to nonexistent EnvironmentFile in the service file
OBS-URL: https://build.opensuse.org/request/show/578251
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=150
- Update Squid to 4.0.23
* fixes DoS caused by incorrect pointer handling when processing
ESI responses. This affects the default custom esi_parser
(libxml2 and expat esi_parsers are unaffected)
(bnc#1077003)
* fixes DoS caused by incorrect pointer handing whien processing
ESI responses or downloading intermediate CA certificates
(bnc#1077006)
* fixes "User names not sent to url_rewrite_program"
* fixes %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
OBS-URL: https://build.opensuse.org/request/show/568548
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=145
* systemd-service-without-service_add_pre
moved service_add_pre to %pre
* non-etc-or-var-file-marked-as-conffile
moved mib.txt to /usr/share/snmp/mibs/SQUID-MIB.txt
idea taken from Fedora package
* macro-in-comment
removed comment
Other issues are:
- permissions-dir-without-slash
=> opened security audit bug: bsc#950557
- missing-call-to-setgroups-before-setuid
* should be an upstream bug
- binary-or-shlib-calls-gethostbyname
* should be an upstream bug
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=92
* Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
* Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
* Bug 4208: more than one port in wccp2_service_info line causes error
* Bug 4304: PeerConnector.cc:743 "!callback" assertion.
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
* Relicense ntlm_fake_auth.pl to GPLv2+
* Relicense smb_lm auth helper to GPLv2+
* Relicense SSPI helper to GPLv2+
* ... and several minor performance optimizations
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=90
* Regression Bug 4306: build portability fix in Kerberos helpers
* Bug 4302: IPFilter v5 transparent interception
* Bug 4301: compile errors with IPFilter interception
* Bug 4285 partial: %us is not supported in access.log
* Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
* Bug 4242: compile errors with eCAP using clang-3.6
* Bug 3696: crash when client delay pools are activated
* Bug 3553: cache_swap_high ignored and maxCapacity used instead
* Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
* Fix ignore of impossible SSL bumping actions, as intended and documented
* Fix memory leak in Surrogate-Capability header detection
* Fix truncated body length when RESPMOD service aborts
* Reject non-chunked HTTP messages with conflicting Content-Length values
* Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
* ... and several portability and compile fixes
* ... and several documentation updates
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=86
- Cleanup with spec-cleaner
- Version bump to 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug #4148: external_acl_type header format does not accept the new libformat syntax
* Bug #4033: Rebuild corrupted ssl_db/size file
* Bug #3902: Docs: external_acl_type cache hash key
* Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match
- Remove support for other distros as we build for opensuse anyway
- remove permissions.easy and permissions.paranoid files from package
as they are not used any more
OBS-URL: https://build.opensuse.org/request/show/280563
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=64